Using Process Explorer to debug a hung process

So I'm finally getting around to reading the help file for Process Explorer. Process Explorer is one of the most useful utilities for developers (and administrators) on Windows systems. It's basically Task Manager on steroids.

Before I started using Process Explorer, encountering "File in use" errors while trying to move or rename a file was cause for scowling, cursing and gnashing of teeth. With Process Explorer, tracking down the offending process is a cinch: search for the first few letters of the filename (CTRL+F) and all open handles, along with the process that owns each handle, are displayed. Click on a handle and its owning process is highlighted in the real-time updated process list.

Process Explorer is also turning out to be really useful for debugging a hung process. If you drill down into a process you can list its currently executing threads. For any given thread you can see its call stack. To get entry point names instead of address offsets you'll need to install Windows symbols. I do this by using Microsoft's public symbol server, then caching the symbols to a local directory (c:\windows\symbols). To speed things up I usually open Visual Studio, turn on symbol server downloading and debug a native application; this forces the most commonly used symbols (e.g., kernel32, user32, gdi) to download, and subsequent access is much faster from the local symbol store.

Once you install symbols (Options -> Configure Symbol Server) you get an intelligible stack trace for each of the threads executing (or not, as the case may be) in a hung process.
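An alternative way to warm the local symbol store without launching Visual Studio, added here as an example and not part of the original post: it builds the srv*cache*server symbol path for the directory mentioned above and asks symchk.exe to fetch symbols for a few common system DLLs. The symchk.exe location (default Debugging Tools for Windows install) and the list of modules are assumptions; the resulting path string is the value to paste into Process Explorer's symbols path field.

```powershell
# Added example (not from the original post). Assumes Debugging Tools for
# Windows is installed at the default Windows Kits location below.
$cache   = 'C:\Windows\Symbols'                           # local cache directory used in the post
$server  = 'https://msdl.microsoft.com/download/symbols'  # Microsoft public symbol server
$symPath = "srv*$cache*$server"                           # srv*<local cache>*<upstream server>
$symchk  = 'C:\Program Files (x86)\Windows Kits\10\Debuggers\x64\symchk.exe'  # assumed path

# Creating a directory under C:\Windows requires an elevated prompt.
if (-not (Test-Path -LiteralPath $cache)) {
    New-Item -ItemType Directory -Path $cache -Force | Out-Null
}

# Persist the path for the current user so debuggers that read
# _NT_SYMBOL_PATH (WinDbg, Visual Studio) share the same local store.
[Environment]::SetEnvironmentVariable('_NT_SYMBOL_PATH', $symPath, 'User')
"Symbol path: $symPath"

if (-not (Test-Path -LiteralPath $symchk)) {
    Write-Warning "symchk.exe not found at $symchk; skipping cache warm-up."
    return
}

# Modules that appear in almost every user-mode call stack (assumed list).
$modules = 'ntdll.dll', 'kernel32.dll', 'kernelbase.dll', 'user32.dll', 'gdi32.dll'
foreach ($m in $modules) {
    $file = Join-Path $env:SystemRoot "System32\$m"
    "--- $m"
    # symchk downloads the matching PDB into the cache and prints its own
    # passed/failed summary for each file.
    & $symchk $file /s $symPath
}
```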
